Technology Reseller v11

technolog y reseller.co.uk DATA PROTECTION 31 SARs alert Content Services In this context, Content Services Platforms (CSPs) that use powerful audit and analytical capabilities to unify data based on its content, rather than where it’s stored, could provide a solution. CSPs’ repository-neutral approach enables firms managing Subject Access Requests to identify data residing in different information silos within their business so that as SARs are made they can quickly serve up the required data in an appropriate format. Moreover, while GDPR solutions tend to look for personal information in the file system and network drives, in Word documents and Excel spreadsheets and in other repositories that store unstructured content, they tend not to look for it in core enterprise systems, which typically store large quantities of personal information. A Content Services Platform can look at file systems for unstructured content alongside the enterprise systems it connects to, such as database applications containing structured data. When the CSP serves as a centralised hub that connects structured data systems with unstructured content repositories, organisations benefit from a 360-degree view of GDPR-related data, from which SAR-specific information can easily be pulled, compiled and delivered. We can’t know how many SARs organisations will receive now that GDPR has come into force, but CIOs need to be prepared by making personal data secure and straightforward to locate. Relying on manual processes and inadequate technology is high risk when it comes to SARs – and unnecessary given the Content Services Platforms available. www.nuxeo.com The General Data Protection Regulation (GDPR), which came into force on May 25, completely overhauls how organisations manage the personal data of EU citizens, as well as their access rights to that data. This much we all know. But GDPR isn’t just about safeguarding personal and sensitive data. It also addresses the overlooked issue of Subject Access Requests, or SARs, which give individuals the right to find out what personal data of theirs an organisation holds, why the organisation is holding it and who that information is disclosed to. Changes to SARs SARs are not a new concept – they existed in the previous 1998 Data Protection Act (DPA). However, GDPR makes a number of changes: n organisations must now respond to a SAR within 30 days, not 40 as specified by the DPA; n individuals can request that an organisation provides the data digitally, not just as a printout; and n SARs are now free, unless the request is judged ‘manifestly unfounded or excessive’, whereas before an organisation could levy a charge for providing the information. These changes make it even more important that personal information is easily accessible and shareable with the individual concerned and that SARs are generated properly and in the right format. If they haven’t already done so, it is imperative that CIOs put policies and procedures in place to process SARs efficiently, taking into account the new timescales that will need to be adhered to. A good motivator here is the risk of negative publicity. According to ICO statistics, mishandling of SARs is the number one source of data protection complaints. In 2016, 42% of the 18,000+ data protection- related complaints logged with the UK’s official privacy watchdog related to the access of personal data held by third parties. GDPR’s tighter timescale, the extra cost involved and the ability for individuals to request digital delivery mean that handling SARs after May 25th could be even trickier for the unprepared. If they haven’t already done so, it is imperative that CIOs put policies and procedures in place to process SARs efficiently David Jones explains how content services platforms can help organisations manage Subject Access Requests David Jones to subscribe and become a member you get special and exclusive content. About 6,000 people have chosen to do that. TR: I see you are hosting a Women in Information Management reception at AIIM Forum UK. Please could you tell me a little more about that initiative. PW: We launched it at the US AIIM conference last year to help women take leadership roles in organisations, starting with our world, which is decidedly male, decidedly white older male. The initiative is now a year old and has a community of 2,000. There is no fee to join, but you do have to sign up. We do a variety of activities throughout the year – a lot in the form of webinars, but we do also meet up and try to connect people. TR: I always thought the records management world had a high proportion of female employees. PW: It does, but they tend to have lower management positions. When you look at the solutions providers in our space and all the VPs of product marketing etc., they are predominantly male, and the CIOs are still predominantly men. So yes, there are many women record managers, but they don’t have a seat at the table. While we aim to elevate the role of records manager regardless of gender, getting more women in leadership and high level positions is a very specific objective of ours. TR: Finally, what do you hope delegates will take away from AIIM Forum UK? PW: We want them to be really comfortable with our intelligent information management roadmap. That will provide them with a good learning path, with a good blueprint for achieving digital transformation. Our change of name became official on January 1 and I want to make sure that the AIIM Forum UK community feels good about that and understands the roadmap. The four elements of the roadmap give people something to work with other than a blank whiteboard and the assumption that digital transformation happens with a big bang. Because it doesn’t. www.aiimforum.co.uk ...continued David Jones is Director of Product Marketing at Content Services specialist Nuxeo.